Record of Processing Activities - Derby Theatre

Record of Processing Activities - Derby Theatre

Registration Number: ZB056937

Date Registered: 23rd April 2021

Registration Expires: 22nd April 2023

Data Controller: University of Derby Theatre Ltd

Address: University of Derby Theatre Ltd, Derby Theatre, 15 Theatre Walk St Peter's Quarter, Derby, DE1 2NF

This register entry describes, in very general terms, the personal data being processed by: University of Derby Theatre Ltd

Nature of Work: Box Office/Ticketing Agency

Description of Processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/Purposes for Processing Information

We process personal information to enable us to provide a service for the selling and purchasing of tickets for events, trading and sharing in personal information, market research, supporting and managing our employees, maintaining our advertising and marketing and keeping our own accounts and records up to date. We also process personal information for the use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime.

Type/Classes of Information Processed

We process information relevant to the above reasons/purposes. This may include:

• Personal files
• Family details
• Lifestyle and social circumstances
• Employment and education details
• Financial details
• Goods or services provided

We also process sensitive classes of information that may include:

• Racial or ethnic origins
• Religious or other similar beliefs
• Trade union membership
• Offences and alleged offences

Who the Information is Processed About

We process personal information about:

• Staff
• Customers and clients
• Suppliers
• Complainants, enquirers
• Individuals captured by CCTV images

Who the Information May be Shared With

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

• Staff
• Family, associates and representatives or the person whose personal data we are processing
• Customers and clients
• Current, past or prospective employers
• Education and examining organisations
• Financial organisations
• Trade unions
• Professional bodies
• Central government
• Survey and research organisations
• Traders in personal data
• Other companies in the same group
• Complainants and enquirers
• Police forces, security organisations

Transfers

It may sometimes be necessary to transfer personal information overseas. When this is needed information is shared worldwide. Any transfers made will be in full compliance with all aspects of the Data Protection Act.

Need advice?

You can contact us at gdpr@derby.ac.uk